Security implications of mobile applications related to the thing

I, like many people, will be doing some international travel soon, my first since “the thing”. My destinations include two countries that require mobile applications to be installed so that the governments can, uh, ensure my safety and the safety of others.

I am not a security expert but I do listen to the Level1 news and I’m not naive. I was wondering if a more knowledgeable person would explain, or hypothesize, what kinds of security flaws could be exploited through these applications. I believe there have been multiple examples of these applications being misused already.

Here are some questions/suggestions to start the discussion…

  1. On the client side, I have heard plenty of stories of insecure JavaScript libraries and so on that lead to root access and therefore grant access to anything the attacker might want out of a device. What I do not really know is how useful that would be for a random civilian’s cell phone. I do not even really know how much of my information is permanently stored or accessible on my device; it is made a bit opaque to the user. What is the worst case, and further, what is the more realistically bad case, for client side exploits?

  2. These apps also probably involve a lot of phoning home, and the data on those servers is not necessarily secure. Further, the security of every country, and the lucrativeness of attacking each country, are not fully equal. Again, I do not have a strong idea of how much or how valuable this information would be to an attacker. How much personally identifiable data could be transacted in a really bad implementation of these apps, which for many countries are now mandatory to install?

  3. I am considering leaving my primary device at home and bringing a burner. But I am not convinced this would even do me good. I mean, Stuxnet kind of shows that someone who wants something badly enough can get it done. I’m not as important as nuclear weaponry so I am not concerned with Stuxnet, but my question is, how much would a burner even help? There are these gigantic databases with browser fingerprints, Stuxnet… Etc. If I used a burner while visiting these nations, uninstalled the tracking apps ASAP, then turned my burner back on on my home network WiFi - how bad can that be in the worst/realistic cases (how much is really deleted when you uninstall a phone app?)?

Anyway I am obviously not an expert, but thought maybe some experts would have interesting discussions and comments on the subject!

nope nope nope nope nope nope

I would 100% get a burner phone to use for this, as you said

1 Like

It's OK man, you can name drop SARS-CoV-2/COVID-19 here. This ain't the Google and the YouTube. The L1T team won't be demonetized…

3 Likes

Just like any other app that phones anything home.

If this is of concern, may I ask what sort of DIY/FOSS Brick your current smartphone is? Else, this is just hitting consent when Google prompts for your soul.

Always a good idea for cross-country border travel.

Depending on Android or iOS, one or the other knows anyway when “random device” stays in hotels first, then takes a plane to go sleep for 2/3rds per day in “your address here”.
Basically my first reply again.

2 Likes